Original URL: http://www.reghardware.co.uk/2007/06/26/four_safari_fixes/
Apple has released four new fixes for its Safari cross-platform internet browser - less than two weeks after its launch. The new patches mark the second update to Safari since its release, and are part of a larger Safari 3.0.2 beta release for Mac OS X and Windows.
Both packs contain stability fixes in addition to the security update, but there are four fixes for vulnerabilities faced by Windows' users. A flaw in the WebKit component of Safari can be exploited by directing the user to a specially crafted webpage. This page could in turn cause an application crash and give the attacker the ability to install malware on the victim's computer.
Two of the weaknesses could leave users open to cross-site scripting attacks, while the remaining vulnerability allowed attackers to spoof legitimate websites. This flaw allows an attacker to edit the information that appears in the URL bar. An attacker could exploit the vulnerability to make a malicious site appear with the URL of a trusted one.
Mac users will see two security fixes provided in the update. The updates also contain stability fixes for 16 performance and stability bugs in Windows and nine in Mac OS X.
© 2007 ENN (http://www.enn.ie)
Apple's carpet-bomb Safari flaw can wreak havoc on Windows (10 June 2008)
http://www.theregister.co.uk/2008/06/10/apple_safari_carpet_bombing_demo/
Leopard security bug puts Mail users at risk (20 November 2007)
http://www.theregister.co.uk/2007/11/20/leopard_reintroduces_security_vuln/
Macs seized by porn Trojan (31 October 2007)
http://www.reghardware.co.uk/2007/10/31/in_the_wild_osx_trojan/
A Defcon survival guide (1 August 2007)
http://www.theregister.co.uk/2007/08/01/defcon_survival_guide/
'Mac worm' hacker in death threat farce (19 July 2007)
http://www.theregister.co.uk/2007/07/19/mac_worm_farce/
Apple TV gets its first critical security patch (20 June 2007)
http://www.reghardware.co.uk/2007/06/20/critical_appletv_patch/
Apple plugs holes in new Safari beta (14 June 2007)
http://www.reghardware.co.uk/2007/06/14/safari_holes_plugged/
Apple's Safari lacks bold vision (13 June 2007)
http://www.theregister.co.uk/2007/06/13/safari_cant_see_bold/
Security researchers poke holes in Safari (12 June 2007)
http://www.theregister.co.uk/2007/06/12/safari_security_bugs/
Apple's Safari 3: a crashing experience for non-US users (12 June 2007)
http://www.reghardware.co.uk/2007/06/12/safar_crashing_experience/
Jobs chucks Leopard titbits to Apple masses (12 June 2007)
http://www.reghardware.co.uk/2007/06/12/jobs_wwdc_07_leopard/